
Modified for security.
[nucleus-jp/nucleus-plugins.git] / NP_gallery / trunk / gallery / comments.php
index 1f7f95f..4a8d1e9 100644 (file)
@@ -27,7 +27,7 @@ class NPG_COMMENTS {
 \r
                } else {\r
                        $query = 'select * from '.sql_table('plug_gallery_comment').\r
-                               ' where cpictureid='.$this->itemid.' order by ctime';\r
+                               ' where cpictureid='.intval($this->itemid).' order by ctime';\r
                        $comments = sql_query($query);\r
                        $this->commentcount = mysql_num_rows($comments);\r
                        \r
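Review bot: Casting `$this->itemid` at each query site, here and again in the `amountComments()` and insert hunks below, protects only these three statements; any other query in the class that reads the property stays unprotected. The assignment is outside these hunks, so this is inferred, but normalising once where the property is set, `$this->itemid = intval(...);`, would cover every later use and leave these casts redundant but harmless. `intval()` also maps a non-numeric id to 0 instead of rejecting it, so the query silently runs for picture 0. An early return when the id is not positive would make that case explicit.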
@@ -56,7 +56,7 @@ class NPG_COMMENTS {
        function amountComments() {\r
                $query = 'select count(*)'.\r
                        ' from '.sql_table('plug_gallery_comment').\r
-                       ' where cpictureid='.$this->itemid;\r
+                       ' where cpictureid='.intval($this->itemid);\r
                $res = sql_query($query);\r
                $arr = mysql_fetch_row($res);\r
                return $arr[0];\r
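Review bot: `$res` is handed to `mysql_fetch_row()` without checking that `sql_query()` succeeded, and the first hunk does the same with `mysql_num_rows($comments)`. If the query can fail and return false, `$arr[0]` is read from a non-array and the method returns null rather than a count. A guard such as `if (!$res) return 0;` before the fetch, together with `return intval($arr[0]);`, would keep the return value numeric in every case.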
@@ -91,7 +91,7 @@ class NPG_COMMENTS {
                $host = addslashes($comment['host']);\r
                $ip = addslashes($comment['ip']);\r
                $memberid  = intval($comment['memberid']);\r
-               $pictureid = $this->itemid;\r
+               $pictureid = intval($this->itemid);\r
                \r
                $query = 'insert into '.sql_table('plug_gallery_comment').\r
                        '(cbody, cuser, cmail, chost, cip, cmemberid, ctime, cpictureid) '.\r
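Review bot: The string fields just above the changed line are still escaped with `addslashes()`, which works byte by byte and knows nothing about the connection character set, so it is not a dependable defence for values concatenated into the insert statement. With some multi-byte encodings the added backslash can end up as part of a character, which is why the driver's own escaping is preferred, e.g. `$host = mysql_real_escape_string($comment['host']);` and likewise for `$ip`. The function starts before this hunk and the rest of the insert statement lies outside it, so the body, user and mail fields should be checked the same way.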